CVE-2014-2888

EUVD-2017-0313
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
Affected Products (NVD)
VendorProductVersion
herrysfpagent
𝑥
≤ 0.4.14
herrysfpagent
0.0.1
herrysfpagent
0.1.0
herrysfpagent
0.1.1
herrysfpagent
0.1.2
herrysfpagent
0.1.3
herrysfpagent
0.1.4
herrysfpagent
0.1.5
herrysfpagent
0.1.6
herrysfpagent
0.1.7
herrysfpagent
0.1.8
herrysfpagent
0.1.9
herrysfpagent
0.1.10
herrysfpagent
0.1.11
herrysfpagent
0.1.12
herrysfpagent
0.1.13
herrysfpagent
0.1.14
herrysfpagent
0.2.0
herrysfpagent
0.2.1
herrysfpagent
0.2.2
herrysfpagent
0.2.3
herrysfpagent
0.2.4
herrysfpagent
0.2.5
herrysfpagent
0.2.6
herrysfpagent
0.2.7
herrysfpagent
0.2.8
herrysfpagent
0.2.9
herrysfpagent
0.2.10
herrysfpagent
0.3.0
herrysfpagent
0.3.1
herrysfpagent
0.3.2
herrysfpagent
0.3.3
herrysfpagent
0.3.4
herrysfpagent
0.3.5
herrysfpagent
0.3.6
herrysfpagent
0.3.7
herrysfpagent
0.3.8
herrysfpagent
0.3.9
herrysfpagent
0.3.10
herrysfpagent
0.4.0
herrysfpagent
0.4.1
herrysfpagent
0.4.2
herrysfpagent
0.4.3
herrysfpagent
0.4.4
herrysfpagent
0.4.5
herrysfpagent
0.4.6
herrysfpagent
0.4.7
herrysfpagent
0.4.8
herrysfpagent
0.4.9
herrysfpagent
0.4.10
herrysfpagent
0.4.11
herrysfpagent
0.4.12
herrysfpagent
0.4.13
𝑥
= Vulnerable software versions
References
http://seclists.org/fulldisclosure/2014/Apr/243
http://www.openwall.com/lists/oss-security/2014/04/16/1
http://www.openwall.com/lists/oss-security/2014/04/18/4
http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html
http://seclists.org/fulldisclosure/2014/Apr/243
http://www.openwall.com/lists/oss-security/2014/04/16/1
http://www.openwall.com/lists/oss-security/2014/04/18/4
http://www.vapid.dhs.org/advisories/spfagent-remotecmd.html